Re: SSL/TLS everywhere fail

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Mon, 07 Dec 2015 12:45:47 +0000
To: Cory Benfield <cory@lukasa.co.uk>
cc: Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-ID: <66229.1449492347@critter.freebsd.dk>
In message <FCF50BFC-3C9F-49EE-BA31-FE345A597446@lukasa.co.uk>, Cory Benfield writes:

>However, I think it is a dereliction of duty for this WG to not 
>address the requirements of a key distribution system in anything we 
>want to standardise.

I agree that if there were *no* key-distribution available
then it would be pointless to bless that draft.

But there *are* key-distributions available, most notably PSK.

>Yes, PSK is clearly totally acceptable. The draft should say so.

You know, I'd actually prefer the draft isn't bloated with
boilerplate text like that.  It should concentrate on the
task at hand and simply caution:

  "We remind the reader that Key-distribution is the only really
  hard cryptographic problem, do not take it lightly."

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 7 December 2015 12:46:15 UTC
